Conventional computerized devices, such as personal computers, laptop computers, and data communications devices (e.g., routers, switches, gateways and the like), exchange data over networks using a variety of communications mechanisms. To ensure privacy during these exchanges and to prevent malicious attacks, a secured connection is necessary. One solution to this problem is a Virtual Private Network (VPN), which creates a private network over public networks, using encryption and authentication technologies to allow secure remote access into a private network. A VPN allows users to privately and securely access a network, such as a dedicated corporate network, while remaining physically outside the dedicated network. Another solution is to authenticate and authorize devices before they are allowed to attach to a network, using IEEE 802.1X related technologies for wired and wireless networks.
To ensure security, these solutions might utilize encryption and authentication to determine which computers are authorized to access a VPN termination device (e.g., VPN head end or concentrator), wireless access point or Ethernet switch. Authentication allows two devices that are in the process of setting up a secure connection to authenticate each other's identities. Once authenticated, a secure communications session may be established between the client device and the access device, over which all communications are encrypted.
Entities operating in a network are authorized to perform certain roles. For security to be maintained, it is important that these devices are configured correctly for the roles they are authorized for. Misconfigurations often result in security vulnerabilities that can be exploited by an attacker. One example is default accounts that allow access to a device or application. Another example is an out-of-date software image that contains a bug allowing an attacker to take control of all or part of the system. Configuration may include the version and patch level of software and firmware; the types and versions of applications and services that are running (such as anti-virus software); the settings, options and data files configured in the software; and the hardware supporting the software.